Atomic Wallet launches $1M bug bounty amid hacking lawsuit


The developer of Atomic Wallet has launched a $1-million bug bounty to find security flaws in its wallet software, according to a Dec. 18 announcement. The launch comes amid an ongoing class action lawsuit against the developer related to a $100-million hack in June.

Atomic Wallet bounty logo. Source: Atomic Wallet

According to the post, the development team is extending an invitation to ethical hackers and security experts worldwide to find software bugs and security flaws in its open-source code. White hat hackers who find the most serious type of vulnerability and report it to the team will receive $100,000. This type of vulnerability is defined as any that would allow “the ability to attack/drain a wallet without physical access, installed malware, or social engineering, indicating an actual over-the-internet attack and a flaw in our code or dependencies,” the announcement stated.

If a hacker reports bugs or flaws that do not fit this definition, they will be paid $500 to $10,000, depending on the severity of the vulnerability. For example, the post states that hackers will be paid $5,000 for the discovery of a “high-risk” vulnerability and $10,000 for a “critical-risk” one. The total amount of the bounty pool for all discoveries is $1 million.

Related: Immunefi launches on-chain bug bounties through ‘Vaults’ system

Atomic Wallet founder Konstantin Gladych claimed that the bug bounty program will help to ensure the wallet’s security going forward, stating:

“Recent events in the blockchain industry have once again reminded us that cybersecurity is a dynamic field, and the best way to stay ahead is by harnessing the creativity and expertise of the global community. We are confident and eager to see how this program will contribute to our mission of providing a secure and seamless user experience.”

In June, blockchain analytics platform Elliptic reported that over $100 million in crypto was stolen from Atomic Wallet users due to a cybersecurity attack. A report in August stated that victims of the attack are launching a class action against Atomic Wallet, seeking damages from the incident. The developer has sought to dismiss a similar lawsuit filed in the U.S. state of Colorado, claiming that it “has no ties” to the United States.

Atomic Wallet has acknowledged that some users have reported lost funds from a cybersecurity attack. According to the company, the attacks only affected 0.1% of users and may have been due to “a virus on user devices, an infrastructure breach, a man-in-the-middle attack or malware code injection.”